Application Penetration Testing & Remediation Guidance for a SaaS Platform

Category: B2B SaaS (Project & Client Management for Marketing/Software Agencies)
Stack: Debian, Apache, PHP (Laravel), JavaScript (Angular), Python Microservices

I was brought in by the Ultimay engineering leadership to perform a targeted security assessment of their flagship SaaS platform, which supports project management workflows across multiple roles—Owner, Manager, Developer, and Customer.

🎯 Scope of Engagement:
Full-scope authenticated web application pentest

Coverage of multi-role permission testing and custom file handling logic

Direct collaboration with the internal development team to review security architecture and advise on remediation

Bonus input into feature architecture for safer future implementations

🛠️ Tools & Methodology:
I performed a thorough black-box and authenticated assessment using:

nmap for port and service enumeration

OpenVAS for infrastructure-level vulnerability scanning

Burp Suite for proxy-based web testing and XSS/IDOR exploitation

Nikto and Dirb for directory traversal and server misconfiguration discovery

Custom multi-user testing scripts to simulate role-based access control abuse scenarios

🚨 Key Findings:
I discovered multiple high-impact vulnerabilities, including:

Stored Cross-Site Scripting (XSS) across project notes and comment interfaces, allowing persistent JavaScript injection and potential session hijacking via stolen cookies

Insecure Direct Object References (IDORs) enabling cross-account access to documents, client notes, and internal timelines by manipulating resource identifiers

Remote Code Execution (RCE) via a race condition in the file upload and zip handler, where a malicious PHP payload could be temporarily executed before the sanitization logic was applied
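The race condition above is the write-then-validate ordering problem: the upload lands in a web-served, PHP-executable location first and is only cleaned afterwards. The following is an added example, not code from the engagement or from the platform itself, of the quarantine-then-publish pattern that closes that window in plain PHP; the `$quarantineDir`/`$publicDir` paths and the extension and MIME allowlists are assumptions.

```php
<?php
// Added example (not the Ultimay platform's code): quarantine-then-publish upload
// handling. $quarantineDir and $publicDir are hypothetical; the quarantine directory
// must live outside the Apache document root so the file can never be requested,
// and never run as PHP, while validation is still in progress.
const ALLOWED_EXT  = ['pdf', 'png', 'jpg', 'jpeg', 'zip'];
const ALLOWED_MIME = ['application/pdf', 'image/png', 'image/jpeg', 'application/zip'];
// Inspect every archive entry before the zip is accepted or ever extracted.
function validateZipEntries(string $path): void
{
    $zip = new ZipArchive();
    if ($zip->open($path) !== true) { throw new RuntimeException('Corrupt archive'); }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        // Reject path traversal, absolute paths and any non-allowlisted entry type.
        if (str_contains($name, '..') || str_starts_with($name, '/')
            || ($ext !== '' && !in_array($ext, ALLOWED_EXT, true))) {
            throw new RuntimeException("Unsafe archive entry: $name");
        }
    }
    $zip->close();
}
function storeUpload(array $file, string $quarantineDir, string $publicDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Invalid upload');
    }
    // 1. Park the upload under a random name where nothing can serve or execute it.
    $quarantined = $quarantineDir . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], $quarantined)) {
        throw new RuntimeException('Could not quarantine upload');
    }
    try {
        // 2. Validate by extension allowlist AND by detected content type.
        $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($quarantined);
        if (!in_array($ext, ALLOWED_EXT, true) || !in_array($mime, ALLOWED_MIME, true)) {
            throw new RuntimeException("Rejected upload: $ext / $mime");
        }
        if ($mime === 'application/zip') { validateZipEntries($quarantined); }
        // 3. Only a validated file gets a server-chosen name in the served directory.
        $final = $publicDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
        if (!rename($quarantined, $final)) { throw new RuntimeException('Publish failed'); }
        return $final;
    } catch (Throwable $e) {
        @unlink($quarantined); // a rejected file must not linger anywhere
        throw $e;
    }
}
```

Pair this with an Apache rule (or a `php_admin_flag engine off` / `.htaccess` denial) on the served upload directory so that even a published file is never handed to the PHP interpreter.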

🤝 Outcome:
I worked hands-on with the internal engineering team to:

Reproduce and patch all identified issues with proper input validation, session scoping, and secure file handling

Build unit tests and regression logic to prevent future reintroduction of similar bugs

Advise on secure-by-design principles for upcoming features in their roadmap

This engagement demonstrated my ability to combine deep application security knowledge with collaborative engineering processes, ensuring that Ultimay could ship safer code with confidence.
